697c7af5cad4c2ee7706f2dc20773f00N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

697c7af5cad4c2ee7706f2dc20773f00N.exe
Size

173KB
MD5

697c7af5cad4c2ee7706f2dc20773f00
SHA1

e2394371e92abc60f5d292f147fbb96edd46977f
SHA256

57ec160cdf54ff6a6d7380a7c95b49c9618ac9e7248f06698b3ad73bda64b54d
SHA512

d42d69b6bf394f880e650071c649bac3de2e2081a482cbb92ca94a017f6bf4e89043c176f1255ccb1fba4735ecaa9a5e527ae1333a0d0b6fca1245efa7dbd0c1
SSDEEP

3072:eGHxmlJXYYn3+If1RSIqx+1ONDiILwKkj8Dena1S8fOOOOOOOOm3/i/P:eGIotQq814DiIL3c8DN/eq/P

Score

1^/10

Malware Config

Signatures

Files

697c7af5cad4c2ee7706f2dc20773f00N.exe
.exe windows:5 windows x86 arch:x86

e62fd75df235785a6716cbd87d4e87e6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

08/08/2012, 00:00

Not After

08/08/2015, 23:59

Subject

CN=OPSWAT\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Engineering,O=OPSWAT\, Inc.,L=San Francisco,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:6e:30:da:ab:ea:df:22:06:0e:d8:63:39:1b:da:a4:81:c0:60:89
Signer

Actual PE Digest

23:6e:30:da:ab:ea:df:22:06:0e:d8:63:39:1b:da:a4:81:c0:60:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\BuildAgent\work\aa5602f5c4767042\bin\Release\waodwd.pdb

Imports

rpcrt4

RpcServerListen
RpcMgmtStopServerListening
RpcServerRegisterIf2
RpcServerUseProtseqEpW
RpcBindingFree
NdrServerCall2
NdrClientCall2
RpcStringFreeW
RpcRaiseException
RpcStringBindingComposeW
RpcBindingFromStringBindingW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

HeapFree
GetModuleHandleW
GetProcessHeap
LoadLibraryW
GetModuleFileNameW
GetProcAddress
DeleteFileW
CreateProcessW
WaitForSingleObject
OpenProcess
GetExitCodeProcess
TerminateProcess
ProcessIdToSessionId
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
SetEvent
OpenThread
GetExitCodeThread
CreateEventW
GetCurrentThreadId
GetTickCount
GetConsoleMode
GetConsoleCP
VirtualAlloc
VirtualFree
HeapAlloc
FreeLibrary
GetFullPathNameW
GetSystemInfo
CreateFileMappingW
GetFileSizeEx
MapViewOfFile
LocalAlloc
CloseHandle
DeleteCriticalSection
EnterCriticalSection
CreateFileW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
LockFile
UnlockFile
MoveFileExW
SetFilePointer
Sleep
LocalFree
SetEnvironmentVariableA
GetLastError
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetLocaleInfoA
GetStringTypeA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
HeapCreate
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
GetStartupInfoW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
ExitThread
CreateThread
ExitProcess

user32

wsprintfW

advapi32

GetTokenInformation
DuplicateTokenEx
ControlService
QueryServiceStatusEx
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser
LookupAccountSidW
CreateProcessAsUserW
OpenProcessToken
CryptDecrypt
CryptDestroyKey
CryptGenKey
CryptEncrypt
CryptImportKey
CryptGenRandom
CryptGetProvParam
CryptDuplicateKey
CryptReleaseContext
CryptGetKeyParam
CryptSetKeyParam
CryptAcquireContextW
CryptExportKey

shell32

SHGetFolderPathW

ole32

CoTaskMemFree

oleaut32

SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetDim
SafeArrayGetLBound
SysAllocString
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserSize
VARIANT_UserMarshal
VariantInit
VariantClear
SysStringLen

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e62fd75df235785a6716cbd87d4e87e6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

23:6e:30:da:ab:ea:df:22:06:0e:d8:63:39:1b:da:a4:81:c0:60:89Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

psapi

wtsapi32

userenv

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 13KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

1a:35:73:39:c3:b7:4c:1f:e1:de:b8:98:1c:f0:27:8d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

23:6e:30:da:ab:ea:df:22:06:0e:d8:63:39:1b:da:a4:81:c0:60:89
Signer

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 11KB